CVE-2025-30016CRITICAL 9.8EPSS p41.1%

CVE-2025-30016CVE-2025-30016

Description

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.54% probability of exploitation · percentile 41.1% · 2026-06-18T12:00:27Z
Published2025-04-08
Last modified2026-04-15

Underlying weaknesses· 1

CWE-921

References

  1. https://me.sap.com/notes/3572688
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessStorage of Sensitive Data in a Mechanism without Access Controlcwe-9210%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-0511
CVE
CVE-2025-42982
CVE
CVE-2025-0066
CVE
CVE-2025-0070
CVE
CVE-2025-42953
CVE
CVE-2025-42951
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.